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Description 



Method for licensing and/or authorizing access to software 
modules in a switching device 



Technical area 



5 The invention relates to a method for licensing and/ or 

authorizing access to software modules in a computer-controlled 
switching device. 



In a communication network, such as the telephone network for 
10 example, the connection between geographically remote 

communication subscribers" is made by defining sections of a 
transmission path one at a time. The path selection is the 
central task of computer-controlled switching devices. These 
types of switching devices are also known as switching 
15 processors, call processors or node processors. 

In current private branch exchange networks, computer- 
controlled switching devices are operated as both conventional 
telecommunication systems and also as pure IP systems. It is 
usual to have systems in different size categories, i.e. small 
20 private branch exchanges with up to 15 extensions up to large 
private branch exchange systems with a tens of thousands of 
extensions. The function and services of ISDN private branch 
exchange systems are defined in the international standards of 
the ITU." 

25 Each private branch exchange access line has a range of 
functions predetennained by service features, which are 
predetermined in the assigned switchboard computer by 
configuration or administration of software modules. This 
configuration or administration can be instigated by the 
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operator of the private branch exchange network or undertaken 
by operators themselves by using administration commands of the 
control to activate software modules in a switching device. 

Services features are divided up in accordance with the type of 
5 traffic into service features for incoming traffic, for 

outgoing traffic, for routing, for Internet traffic, for charge 
data recording, for call diversion, interception, for different 
multilingual text outputs, ISDN service features etc. Each of 
these service features corresponds in the switching device to a 
10 specific function component, which is mostly implemented by a 
software module. 

The currently available functionality of a switching device is 
determined by the software modules activated. As a rule the 
operator of the private branch exchange network* obtains a 
15 license from the. manufacturer of the switching device to use 
these software modules. 

Since requirements imposed on a communication system must be 
oriented to the predetermined demands of the communication 
user, it is necessary from time to time to reconfigure or 

20 administer the capacity stage of switching devices in the 

network. Thus for example it can be necessary to increase the 
maximiam possible number of communication users of a -private 
branch exchange, or to of fer ,new, improved service features. 
This adaptation can be achieved by loading new software modules' 

25 into the database of the switching device and adapting the 

usage license of the operator accordingly. The loading of new 
software models is however associated with a corresponding 
outlay so that manufacturers of the switching devices have gone 
over to delivering the devices with a full range of application 

30 software, but with the application software only being able to 
be used within the framework of a licensing agreement made 
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between the device manufacturer and the network operator. The 
manufacturer of switching devices makes every effort in such 
cases to ensure, by means of protection mechanisms, that the 
actual scope of usage only varies within the framework of this 
5 licensing agreement and that misuse of tHe arrangement is 
largely excluded. 

Various protection mechanisms for software products are known 
from computer technology. With personal computers it is usual 
nowadays to use what are known as dongles. A dongle is an 

10 additional hardware part and contains unique and immutable 

characteristic information. When the software to be protected 
is started the program interrogates the dongle to ensure that 
the corresponding characteristic information is stored in it. 
If it is, the software can run on the personal computer, if not 

15 the execution is not permitted. A dongle can also used for a 
specific software product on a another processor unit provided 
the hardware and the operating system match. If a number of 
software products are used on a computer system they each 
require the corresponding dongle. 

20 The use of dongles in the configuration or administration of 
switching devices is cxombersome and problematic as regards 
security since there is no provision for storing digital keys 
with a dongle. 

Presentation of the invention 

25 The underlying object of the invention is to simplify the 

licensing and/or access authorization for software modules in a 
computer-controlled switching device and to allow flexible 
adaptation to changing demands. 

The object is achieved by the features of claim 1. The 
30 subclaims relate to advantageous embodiments of the invention. 
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The main aspect of the inventive solution proposed consists of 
making software modules which are already kept with the full 
range of functions in a switching device scalable, i.e. only 
able to be used within a predetermined licensing framework. 

5 In accordance with the invention there is provision for use of 
a licence database in which a all those software modules are 
stored with the full range of functions which are necessary for 
a full capacity stage of the switching device. The license 
database can for example be implemented by conventional disk 

10 storage, a hard disk. License information is assigned to each 
software module on this hard disk. If, as a result of a 
configuration or administration, at least one of these software 
. modules is activated, in a first step an interaction is 
initiated between the licence database and a computer-readable 

15 data carrier. The aim of this interaction is to check the 

unique relationship between the hard disk used for the database 
and secret information stored on a computer-readable data 
carrier. This identity checking can for example be xmdertaken 
by comparing the hard disk identification niomber and a secret 

20 key stored on the computer- readable data carrier. The result of 
this identity checking is hardware characteristic information 
which provides information about whether the key and the 
storage hardware match each other. In a further step this 
hardware characteristic is now transferred together with the 

25 license information of the at least one software module from 
the switching computer via a communication connection to a 
license manager geographically remote from the exchange. The 
licence manager decides about the authorization of the at least 
one software module to be configured by generating licence 

30 confirmation information which it sends back to the switching 
device. Communication between the switching device and a 
licence, manager can for example be undertaken via a telephone 
or fax connection or can be established by computer 
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communication Since the licence manager has access on the one 
hand to information about the identity of the hardware platform 
and on the other hand to information about the scope of usage 
of software modules operated on it, the licensing or access 
5 authorization to software modules is possible in a simple 
manner . 

. To largely exclude misuse a cryptographic algorithm is used in 
the interaction between the licence database and the computer- 
readable data carrier. 

10 It is preferred that an asymmetric encryption method which is 
known per se is used in the interaction between the licence 
database and the computer -readable data carrier. 

Preferably the computer-readable data carrier is embodied as a 
portable data carrier. This means that in the case of a 

15 hardware failure a main circuit board can simply be replaced 
and the portable data carrier can continue to be used on the 
new main circuit board. The switching device does not have 'to 
be completely reconfigured. This is of decisive importance 
since the downtimes of a switching device can be significantly 

20 reduced in this way. 

The portable data carrier can advantageously be embodied as a 
smart card, a chip card or a Secure Digital/MultiMedia Card. 
Compared to a software dongle the above cards are more cost 
effective. These cards are used and handled in much the same 
25 way as the SIM cards used in mobile telephones. These are plug- 
in cards and can thus continue to be used in a new switching 
device. 

As regards data security it is useful for the hardware 
characteristic information and the licensing information to be 
30 transferred by the switching computer to the licence manager in 
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encrypted form. The security level is scalable through the 
functional scope of the above-mentioned cards. 

In a preferred embodiment the licence manager is implemented as 
a server which is administered by the manufacturer of the 
5 switching device. The server features a licence reference 

database This contains, in the form of reference information, 
the licences which have been purchased by an operator. 

In this case it is recommended that the licence manager, when 
it generates the license confirmation information, uses a 

10 licence reference database in which reference, information is 
stored containing reference information assigned to operators 
• of switching devices in each case. This not only facilitates 
the administration of licences but also makes it possible for 
large customers to administer licences in a licence pool for 

15 example. This means that licences in the licence pool which 
have been paid for it but are not being used can be flexibly 
assigned to the actual requirements of the customer. 

In a preferred embodiment there is provision for the licensing 
information of a software module to be configured to be 
20 contained in the licences purchased by the operator, for 
licensing confirmation information to be generated which 
authorizes the continuous operation of the software module in 
the switching device. 

In a further preferred embodiment there is provision, in the 
25 case in which the licence information of a software module to 
be configured is not contained in the licences purchased by the 
operator, for licensing confirmation information to be 
generated which authorizes test operation of the software 
module in the switching device over a predetermined period of 
30 time. 
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It is useful if the communication link between the switching 
device and the licence manager is routed via a circuit-switched 
and/or packet-switched communication network. This means that 
the switching device can be remotely administered or remotely 
5 configured by steps that execute automatically. 

Brief description of the drawing 

The invention is explained by examples below with reference to 
the enclosed drawing. 

The single figure shows a schematic diagram of a scenario of 
10 licensing and/or access authorization of software modules of a 
computer-controlled switching device. 

Embodiment of the invention 

The Figure shows a switching device 1 which communicates with a 
license manager 2 via a communications link indicated by arrows 

15 6,7,8. In the switching device 1 the reference number 4 

designates a database (system hard disk) which is part of a 
system database 5. The hard disk 4 is assigned a computer- 
readable data carrier 3 . This data carrier 3 is embodied as a 
SIM card 10. It can be plugged into a reader known as an SSU 

20 (Security Service Unit) arranged on a circuit board of the 

switching device. If the circuit board fails it is possible to 
continue to ixse the SIM card on a new circuit board. The 
functional scope of the controller on the SIM card corresponds 
to some degree to the SIM cards used in bank cards. On the 

25 circuit board a controller ( e.g. of type TDA 8007) for 
activation of the card is assigned to the SIM card. The 
software modules which represents service features of the 
switching device are stored in the licence database 4. 

For the following description of the execution sequence of the 
30 method the initial assumption is made that, although the 
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licence database 4 of the switching device 1 contains all the 
software modules required for full performance of the system, 
only those software modules are currently being used for which 
the operator of the switching device is licensed by the 
5 manufacturer of the switching device. 

To expand the capacity stage of the switching device and adapt 
it to growing demand at least one non-licensed software module 
is activated by the operator. This activation initially 
triggers an interaction between the licence database 4 and the 

10 data carrier 3. (this interaction is shown in the drawing by 
the arrow 9) The aim of this interaction 9 is to check whether 
the system hard disk 4 matches a secret key present on the data 
carrier 3. The result of this identity checking is hardware 
characteristic information which provides information as to 

15 whether the key and^ the memory hardware have been recognized as 
matching each other. 

If this is the case, in a subsequent step (arrow 13) 
corresponding hardware characteristic information is created 
and this is transferred together with the licence information 

20 of the at least one software module from the switching computer 
1 via a communication connection 5 to the licence manager 2 at 
a geographically remote location from the exchange 1 . In the 
licence manager 2 an inquiry is made in a licence reference 
database as to whether the operator identified is authorized to 

25 use the desired or already configured software module in his 
system. If the user is authorized as a result of an existing 
licence agreement, the licence manager 2 decides about the 
authorization of the least one software module to be configured 
in the switching device 1 by generating licence confirmation 

30 information (labelled as "License Confirmation" in the drawing) 
and returning this to the switching device 1. (the return path 
is shown in the drawing by the arrow 8) This adapts the 
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application software of the switching device 1 to the license 
framework in respect of its scope of performance. 

If on the other hand the user does not have the license for the 
desired or newly configured capacity stage version of the 
5 switching device 1, the licence manager creates second licence 
confirmation information which differs from that provided above 
(labelled in the drawings as "30 days trial confirmation"). In 
this case too this second licence conf iormation information is 
returned to the switching device 1. (the return path is shown 
10 in the drawing by the arrow 7) As the arrow 11 ("trial 

confirmation") indicates, this information transferred leads in 
the switching device 1 to the desired configuration capacity 
not been provided for long-term use but only on a test basis, 
for example for a specific period, 30 days in this example. 

15 Test operation is also enabled in case when the key and the 

memory are not recognized as matching each other. This is shown 
in the drawing by the arrow 12 . 

The test operation can be shown on the display of a subscriber 
terminal. In the drawing for example this is shown 

20 schematically by field 14. This shows: The current time of day 
"13:45", the current date "21.09.01", the type of installation 
"HiPath4000" , the own telephone number "32409" as well as the 
label "DEMO". The label "DEMO" indicates that this service 
feature is not enabled on a permanent basis but only for test 

25 purposes . 



